-
漏洞信息

-
漏洞描述

OpenBB contains a flaw that may allow a remote attacker to upload arbitrary files that can be executed on other client systems. The issue is due to the software not validating file types or content for avatar uloads. By uploading a script file instead of an image, an attacker can then post to the board with the malicious avatar. Subsequent viewers of the post will then execute the script in the context of their system.

-
时间线

公开日期:
2004-04-24

发现日期:
Unknow

利用日期:2004-04-24

解决日期:Unknow

-
解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.